While FinCEN acknowledged the decision to maintain any account rests with the institution, the guidance (FIN-2007-G002) stated, "Although there is no requirement that a financial institution maintain a particular account relationship, financial institutions should be mindful that complying with such a request may further law enforcement efforts to combat money laundering, terrorist financing, and other crimes."

NAFCU Director of Compliance Anthony Demangone explained, "The thing that's interesting for credit unions, it's much harder for a credit union to close an account than a bank." Credit unions have to hold a hearing to allow the member to defend him/herself; notification of suspicious activity reports is prohibited. He noted that CURIA has a provision to try to fix that archaic requirement for credit unions to expel members.

Any institution receiving a request to keep open a suspect account should obtain it in writing, which should include the duration of the request--not to exceed six months, and ensure the request came from a legitimate source. Subsequent requests could be issued to extend the length of time to keep the account open. Documentation should be maintained for up to five years. In these instances, institutions will be required to continue their SARs and other filing requirements.

Additional guidance (FIN-2007-G003) was issued the same day reminding credit unions and other financial institutions how to handle the supporting documentation that goes with SARs. The supplementary documentation must be kept on file at the institution for five years and, when it is requested, the institution must ensure the request is legitimate. "Supporting documentation" refers to all documents that helped the institution determine the need for the SAR filing.

Finally, according to FinCEN's guidance, no legal process is required for sharing financial records with law enforcement in a financial institution's "supervisory, regulatory, or monetary functions." The Right to Financial Privacy Act does not apply here.